Security News > 2020 > April > Firefox, IE Vulnerabilities Exploited in Attacks on China, Japan
Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an advanced persistent threat actor in attacks aimed at China and Japan.
Both vulnerabilities were exploited in attacks before patches were released.
A blog post published in February by Chinese cybersecurity firm Qihoo 360 revealed that both security bugs were exploited as part of the same campaign aimed at Chinese government agencies.
Japan's Computer Emergency Response Team Coordination Center has reported seeing attacks on Japanese entities exploiting both CVE-2019-17026 and CVE-2020-0674.
In a blog post published on Thursday, JPCERT said targeted users are taken to a website set up to deliver Firefox or Internet Explorer exploits depending on the victim's browser.
News URL
Related news
- Infosec experts fear China could retaliate against tariffs with a Typhoon attack (source)
- China names alleged US snoops over Asian Winter Games attacks (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- China is using AI to sharpen every link in its attack chain, FBI warns (source)
- Airplay-enabled devices open to attack via “AirBorne” vulnerabilities (source)
- Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-02 | CVE-2019-17026 | Type Confusion vulnerability in multiple products Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. | 8.8 |
| 2020-02-11 | CVE-2020-0674 | Use After Free vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |